Privacy Policy
Last updated: June 28, 2026
This Privacy Policy explains how CrystalMeanings.org (“we,” “us,” “our,” or “the Site”) collects, uses, and protects information when you visit https://crystalmeanings.org. By using the Site, you agree to the practices described here.
Who we are
Our website address is: https://crystalmeanings.org.
Information we collect
We collect information only when we have a legitimate reason — such as to provide our services, communicate with you, secure the Site, or improve content and features. The categories of information we may collect are described below.
Information you provide
- Comments: When visitors leave comments, we collect the data shown in the comments form, plus the visitor’s IP address and browser user agent string to help with spam detection.
- Purchases and contact (if applicable): For orders placed through our store we collect the details needed to process them (name, billing/shipping info, email) and keep purchase records.
- Communications: If you contact us via form or email, we store our correspondence as permitted by law.
Information we collect automatically
- Log data: Browser type, IP address, device identifiers, language, referrer, date/time, operating system, and mobile network info. This is collected by our origin server and our content delivery network (see BunnyCDN below).
- Usage data: Pages viewed, searches, features used, interactions with navigation, scroll depth, clicks, screen size and device information — used to deliver, secure, and improve the Site, and to produce aggregated analytics and session recordings (see Microsoft Clarity below).
- Approximate location: Inferred from IP address (typically country/region level) for visit statistics and to serve region-appropriate advertising.
- Cookies & similar technologies: To recognize visitors, remember preferences, analyze performance, and measure and personalize advertising (see Cookies & consent and Advertising below).
Information from other sources
Gravatar: When you comment with an email address, an anonymized string (a hash) created from your email may be provided to the Gravatar service to check whether you are using it. If so, your avatar and public profile may appear next to your comment. See Automattic’s Privacy Policy.
How we use information
- Provide and maintain the Site (publish comments, manage accounts, process orders, support users).
- Ensure security and prevent abuse (detect spam, fraud, or malicious activity).
- Analyze and improve the Site (debug issues, develop new features and content, understand how visitors engage with pages).
- Measure, deliver, and personalize advertising, and report on ad performance (see Advertising below).
- Communicate with you (transactional messages, important updates, and optional marketing you can opt out of).
- Comply with legal obligations and enforce our terms.
Third-party services and vendors
We rely on trusted third parties to operate and improve the Site. The table below summarizes the key services, what they process, and where to learn more. These providers operate under their own privacy policies and may transfer data outside your region.
| Service | Purpose | Typical data | Learn more |
|---|---|---|---|
| Microsoft Clarity | Privacy-friendly analytics: session recordings, heatmaps, and aggregate engagement metrics to improve usability. | Anonymous usage data, masked IP, session interactions. Clarity does not use personal data for advertising or sell data. | Microsoft Privacy Statement |
| Google AdSense & advertising partners | Serve and measure display advertising, including ads based on prior visits to this and other sites. | Cookie identifiers, IP (used to derive approximate location), ad interactions, DoubleClick/IDFA identifiers. Google may use this to personalize ads. | Google Ad privacy |
| BunnyCDN | Global content delivery network that caches and serves the Site’s static assets (images, CSS, JS) from edge locations close to you. | Request logs: IP address, requested URL, user agent, timestamp, bytes transferred. Logs are kept for a limited period for security and analytics. | Bunny.net Privacy Policy |
| Stripe / PayPal | Process payments for our digital products (ebooks). Card data is handled directly by the payment provider and never touches our servers. | Billing name, email, payment instrument token, transaction metadata. | Stripe · PayPal |
| Gravatar | Displays avatars next to commenter names. | Hashed email address. | Automattic |
We may also share limited data with hosting, email delivery, anti-spam, and analytics providers who help operate the Site. They are bound by confidentiality and data-protection obligations. We may disclose information to comply with legal requests or to protect rights, property, and safety, and may share aggregated or de-identified data that cannot reasonably identify you.
Cookies, similar technologies, and consent
Cookies are small text files stored on your device. We and our partners use cookies and similar technologies (local storage, pixels, SDK identifiers) for several purposes:
- Essential cookies — Required for core Site functions (e.g., remembering your cookie consent choice, session continuity). These cannot be disabled.
- Analytics cookies — Help us understand how the Site is used (e.g., via Microsoft Clarity) so we can improve it.
- Advertising cookies — Used by Google AdSense and ad partners to measure ad performance, frequency-cap ads, and (where you have not opted out) to show ads based on your interests and past visits.
- Functional cookies — Remember preferences such as display choices and (where applicable) login state.
Consent mechanism
When you first visit the Site, a cookie banner asks for your consent to place non-essential (analytics and advertising) cookies. You may accept all, reject non-essential cookies, or manage your preferences. Your choice is stored in an essential cookie so it persists across pages. If you later change your mind, you can reopen the preference center from the link in the Site footer. Rejecting non-essential cookies does not prevent the Site from working, but ads and some analytics features will be limited.
You can also control or delete cookies through your browser settings. Most browsers let you refuse new cookies or delete existing ones. Note that some features of the Site may not function properly if cookies are disabled.
Advertising and personalized ads
The Site is supported by advertising, which may include ads served by Google AdSense and other ad networks. These partners may use cookies (such as Google’s __gads / DoubleClick cookie) and device identifiers to:
- Serve ads based on your prior visits to this and other websites or apps.
- Measure ad performance and report on impressions, clicks, and conversions.
- Limit how often you see the same ad (frequency capping).
Third-party vendors, including Google, use cookies to serve ads based on your prior visits to our website or other websites. Google’s use of advertising cookies enables it and its partners to serve ads to you based on your visit to our site and/or other sites on the internet. You may opt out of personalized advertising by visiting Google Ads Settings. You can also opt out of a third-party vendor’s use of cookies for personalized advertising by visiting www.aboutads.info.
Where required by law, personalized advertising cookies are only placed after you give consent through our cookie banner. We do not knowingly collect sensitive personal information for ad targeting.
Embedded content from other websites
Articles may include embedded content (e.g., videos, images). Embedded content from other websites behaves in the same way as if you had visited the other website directly. Those sites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that content.
Media
If you upload images (for example, as part of a profile or comment), avoid uploading images with embedded location data (EXIF GPS). Visitors may be able to download and extract location data from images on the Site.
Who we share your data with
If you request a password reset, your IP address will be included in the reset email. We share data with the third-party providers listed above and may disclose information to comply with legal requests or where necessary to protect rights, property, and safety. We may share aggregated or de-identified data and also share data with third parties when you consent or direct us to do so. Information you choose to make public — such as a comment, display name, or avatar — is visible to others and may be indexed by search engines.
How long we retain your data
If you leave a comment, the comment and its metadata are retained so we can recognize and approve follow-up comments automatically. For registered users (if any), we store the personal information provided in user profiles; users can see, edit, or delete their information at any time (username cannot be changed). We keep server and CDN logs for a limited period (typically about 30 days) for security, diagnostics, and analytics. Deleted content may remain in backups and caches for a limited time before being purged.
Your privacy rights
Depending on where you live, you may have the following rights over your personal data:
- Access & portability: Request a copy of the personal data we hold about you, in a portable format.
- Rectification: Correct inaccurate or incomplete data.
- Erasure: Request deletion of your personal data, except for data we are obliged to keep for administrative, legal, or security purposes.
- Restriction & objection: Restrict or object to certain processing of your data.
- Withdraw consent: Withdraw consent for processing that relies on consent (including personalized advertising) at any time, without affecting the lawfulness of processing before withdrawal.
To exercise any of these rights, contact [email protected] or use our contact page. We will verify your identity before acting on a request, and you may designate an authorized agent by providing written authorization.
“Do Not Sell or Share” and Global Privacy Control
In the last 12 months we may have collected identifiers, commercial information, internet/network activity, geolocation data, audio/visual information (e.g., profile image), professional or employment information (for applications), and inferences. We do not sell personal information in the traditional sense. However, some sharing with advertising, marketing, or analytics partners (for example, sharing cookie identifiers for ad personalization) could be considered a “sale” or “share” under certain U.S. state laws such as the CCPA.
If you wish to opt out of these “sales” or “shares,” you may: (a) use the “Do Not Sell or Share My Personal Information” link in the Site footer, (b) reject advertising cookies in our cookie banner, or (c) email [email protected]. We also honor the Global Privacy Control (GPC) signal — if your browser sends a GPC signal, we will treat it as an opt-out of the “sale” or “sharing” of your personal information for cross-context advertising. Opt-outs are cookie-based; if you clear cookies or use another browser or device, you will need to opt out again.
Your other choices
- Limit information: Optional profile and billing fields are not required unless needed for a purchase or feature.
- Marketing opt-out: You can unsubscribe from promotional emails at any time (service/legal notices may still be sent).
- Analytics opt-out: You can manage analytics cookies through our consent banner or browser settings.
- Close account: You can request account closure; some data may be retained as necessary to comply with law or for legitimate business purposes.
Children’s privacy
The Site is not directed to children under 13 (or the applicable age in your jurisdiction), and we do not knowingly collect personal information from them. If you believe a child has provided us with personal information, please contact us and we will take steps to delete it.
International data transfers
If your information is transferred outside your region (e.g., outside the EEA/UK), we use appropriate safeguards required by law (such as Standard Contractual Clauses). Some of our providers — including Google and Microsoft — may process data in the United States or other countries under their respective privacy frameworks.
Security
We use reasonable technical and organizational measures to protect information from unauthorized access, use, alteration, or destruction, including HTTPS/TLS in transit and security headers (HSTS). No online service is 100% secure. Use a strong, unique password and enable two-step authentication where available.
Changes to this policy
We may update this policy from time to time. We will post the revised date at the top of this page and, when appropriate, provide additional notice. Continued use of the Site after changes means you accept the updated policy.
How to contact us
Questions or requests about this Privacy Policy or your data rights: [email protected] or use our contact page. You may appoint an authorized agent by providing written authorization.
License and attribution
Portions of this policy are adapted from Automattic’s Privacy Policy, available under a Creative Commons Sharealike license, at https://automattic.com/privacy/.